The comparison to child’s play is good – just like children learn and develop new skills through role play, so can businesses learn through acting out cyber attack scenarios.

“While participants don’t get to dress up in cool super hero costumes or leap tall buildings in a single bound, they do take part in cyber exercises that, if properly executed, can sharpen and strengthen an organization’s response, making it more competent and resilient in the face of a real, live cyberattack.”

Many Internet security companies have developed similar strategies for helping clients learn how to deal with cyber threats, through education and role play. One example is Phishwise.

Phishwise is an end-user spear phishing vulnerability assessment, that will play out different phishing and spear-phishing scenarios. This helps organizations recognize the threat through experiencing it for themselves. You can read more about Phishwise here.

Is subjecting your business and employees to phishing and spear-phishing scenarios really necessary? Perhaps a bit over the top? Not really.

95% of espionageattacks involve Phishing.

Source: Verizon Data Breach Investigations Report – 2014

Businesses have good reason to let their employees engage in simulated cyber-attacks. They get to experience the attacks first hand, learn to distinguish between legitimate and scam emails, which in turn can prevent them from being taken in by email scams and cyber threats in future.

Cyber attakcs are not just an IT issue, it is a business issue, and as such should be taken seriously.